Make your own free website on Tripod.com
Agax v1.3 Manual

----------------------------------------------------------------------------

Agax is currently at version 1.3. If you already know how to use Agax and
are having problems with it, then take a look at the FAQ section at the bottom.

Agax

Agax is an antivirus application. It scans your disks and files for viruses.
It also contains Defender, which is an antivirus extension. Both of these
use Additives to discover and (in the case of Agax) repair infected files.
Additives are stored in the folder 'Additives' in the same folder as Agax.

The main window of Agax has the title 'Log'. It records Agax's antivirus
activity - in particular reporting the discovery of infected files, and the
success it has in repairing them. You can perform operations on the log with
the File menu.

Agax has two menus with identical contents but different titles - the
'Examine' and 'Repair' menus. These both do the same thing (scan for
viruses), except that 'Repair' will attempt to remove viruses from infected
files, whereas 'Examine' will just report the infection. Some files cannot
be repaired, and you are given the option of deleting these (if the Additive
responsible considers the file a threat) at the end of the scan. Agax
displays a progress bar during its scan of a volume. To stop the scan, click
the close box of the progress bar.

The 'Nasties' menu contains a list of the currently installed Additives. You
can view more information about an Additive by selecting it from this menu.
You can change when this Additive is used from the window which results.
There are three checkboxes: 'Examine files for this virus' uses this
Additive when it is examining; 'Repair files with this virus' uses this
Additive when repairing; 'Proactively repel this virus' uses this Additive
in Defender. Changes to the last checkbox will only take effect on restart.

These options as recorded in the preferences. When Agax starts up, it checks
to see how the list of Additives has changed from last time. If any are
missing, it will warn you of the fact, and if there are any new ones, it
will ask you what you want to do with them (enable all or disable all). You
can change this later through the information boxes described above. If Agax
can't find its preferences, it tells you and enables all Additives.

Defender

The only available option in the Edit menu is 'Preferences'. Currently, this
controls only the preferences for Defender. Any changes made here only take
effect on restart. The first checkbox 'Enable Defender' controls whether or
not the Defender extension is installed. If the status of this checkbox has
changed when you close the preferences, Agax will take the appropriate
action (i.e. create or delete Defender in the Extensions folder).

When Defender is enabled, you can choose how it protects your computer.
There are currently three types of protection:

- 'Examine volumes when mounted'. When a volume is mounted, it is examined.
If a virus is found you are asked to run Agax on the volume. There is a
further option under this: 'Simple examination' or 'Thorough examination'.
'Simple examination' is quick and will find viruses which always live in the
same place on a volume (such as AutoStart worms). 'Thorough examination'
does a complete scan of the volume, as if it was selected from the 'Examine'
menu, but without the progress bar. As you can imagine this is very slow, so
I don't recommend it.

(Note: After startup, all volumes except the system volume will be scanned
in the method indicated if volume examination is enabled)

- 'Examine applications when launched'. When an application or desk
accessory is launched, it is examined. If a virus is found, the launch is
prevented and you are told that the application is infected. Control Panels
are not examined, as they execute inside the Finder. To catch infected
control panels (not that I know of any) you would have to use the next type
of protection.

- 'Examine resource forks when opened'. When a resource fork is opened, it
is examined. If the file is infected, the open is prevented and you are told
that the file is infected. If this type is on as well as the examining
launches type, clean applications will be examined twice (but it doesn't
take long, so don't worry about it too much). When this type is selected,
even the Finder's 'Get Info' command will warn you of infection (for
applications at any rate).

Alongside all of these types of protection there is the option to log when
the checks occur. Even if these boxes are unchecked, infections will still
be logged - unchecking them just cuts out the 'Started...'/'Completed ...'
log entries. Warning: Turning this option on for resource forks is a bad
idea - resource forks are opened and closed all the time. It will
significantly slow down your computer, and make the log huge (too big for
SimpleText) very quickly. The log is also useful for determining the virus
causing the infection (without running Agax), as the notification message
does not tell you this information.

Defender's log is called 'Defender Log' and stored inside the System folder.

Defender too keeps track of which Additives are around - newly discovered
additives are disabled. The Additives which Defender uses are those beside
the last Agax which was run - so make sure you don't run Agax from a server
(actually, I haven't tested this - it might in fact mount the server during
startup).

Warnings, bugs, etc.

Warning: Both Defender and Agax make an attempt to guard against themselves
being infected. Thus you shouldn't fiddle with them - in particular don't
change Agax's memory allocation. This will likely be improved and extended
to Additives in the near future.

Agax replaces Antigax and GAx Defender - you should delete these and use
Agax and Defender instead.

System Requirements

Theoretically, Agax and Defender should work from System 7.0 up. However the
current version has only been tested on System 8.0 and 8.1 (that should
probably be MacOS 8.0 ... ), so I really don't know about anything other
than those.

Special Help Sections (FAQs)

I just expanded Agax and ran it, and it says it's been tampered with! I sure
didn't touch it - what gives?

This error usually results when Agax itself has become infected. It will
refuse to run if that happens, because the virus might re-infect files as
fast as Agax repaired them.

If it was something you did (e.g. modified it with ResEdit, changed its
memory requirements, etc.) then you should replace the modified Agax with a
freshly expanded version.

If it was due to a virus however, then it is more than likely that this
virus is in RAM (and therefore practically impossible to remove without
restarting), and would infect Agax again if you re-expanded it straight
away. So I suggest you do the following:

* Delete the Agax application, but keep the Stuffit archive handy.
* Restart your computer from your System CD (e.g. the Mac OS 8 CD), or
some other guaranteed virus-free System Folder.
* Expand Agax.
* Launch Agax.

If this still doesn't work (very unlikely), then try repeating the
procedure, but locking the Agax application after you expand it and before
you launch it.

If Agax does not find any viruses, then it is probable that it was infected
by a previously unknown virus. If this happens, then please get in touch
with me!

Originally I intended to keep Agax locked, so viruses would have more
difficulty infecting it, but in the initial release I neglected to do this.
This turned out to be far better for everyone, because Agax inadvertently
found some new viruses when they infected it - so I've decided to keep it
unlocked by default. If you wish to lock it however, then by all means go
ahead, but you will forgo that extra level of protection.

I just installed a new Additive, and chose the 'Verify over Internet'
option, and this huge dialogue came up with three lists in it. What does it
all mean, and should I worry?

OK, this was new in Agax v1.2. The list on the left shows the latest
versions of Additives that the Agax web server knows about. Anyone is free
to write their own Additive, but it won't appear on that list unless they
tell me about it. Also, new Additives will appear in this list when they are
released, so you can check here for updates instead of going to the web page
if you want to.

The other two lists contain Additives sitting in the Additives folder on
your computer that Agax is currently using. If the server knows about the
Additive (of that version), then it goes into the list on the left (i.e. the
middle of three). If the server doesn't know about it then it goes into the
list on the right. In addition to this each Additive has a tick or a cross
in front of it. This only indicates whether or not you've currently got it
enabled - nothing more. You can enable or disable all the Additives in
either list by using the radio buttons below. 'Leave' means they are left as
they appear in the list.

All of my Additives will appear in the Master List and be verified in the
middle list. It's only Additives written by other people that could
legitimately end up in the third list. You should be very suspicious of any
Additives unexpectedly turning up in that list, especially if they claim to
have come from me.

All of this is to ensure that someone won't make an Agax Additive that is a
virus, especially if they claim that I've written it. In general you should
need a good reason for trusting an Additive that the server doesn't.

Disclaimer

#include

----------------------------------------------------------------------------

{P^/
10/7/1999
John Dalgliesh